Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/aa270a-c089-4778-9343-b7362edbd8ac/1/DX5CUrK47-64D8qMmfVBNM-XzmE.roa
File:                     DX5CUrK47-64D8qMmfVBNM-XzmE.roa (raw, json)
Hash identifier:          ruJWnJXAx4wUaXifz3aLLOMCcSo053LulGrcvbMv5dI=
Subject key identifier:   0D:7E:42:52:B2:B8:EF:EE:B8:0F:CA:8C:99:F5:41:34:CF:97:CE:61
Certificate issuer:       /CN=a0c8cda814e777d9fe154b92e9959ce120b0ad58
Certificate serial:       01856D81D81B06F46876C0AE70D87D205180
Authority key identifier: A0:C8:CD:A8:14:E7:77:D9:FE:15:4B:92:E9:95:9C:E1:20:B0:AD:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oMjNqBTnd9n-FUuS6ZWc4SCwrVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/aa270a-c089-4778-9343-b7362edbd8ac/1/DX5CUrK47-64D8qMmfVBNM-XzmE.roa
Signing time:             Sun 01 Jan 2023 13:25:03 +0000
ROA not before:           Sun 01 Jan 2023 13:25:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206934
IP address blocks:        193.30.90.0/23 maxlen: 24
                          193.30.23.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:d8:1b:06:f4:68:76:c0:ae:70:d8:7d:20:51:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0c8cda814e777d9fe154b92e9959ce120b0ad58
        Validity
            Not Before: Jan  1 13:25:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0d7e4252b2b8efeeb80fca8c99f54134cf97ce61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:29:26:5d:a1:9f:9b:c0:f2:6a:58:3a:8c:2a:
                    ae:7a:4a:8e:6c:ff:41:20:cb:21:ac:b5:1a:8a:d9:
                    bb:ce:96:3e:92:1d:34:19:48:89:53:ad:3b:38:4a:
                    ba:c6:64:e4:ec:ca:29:ee:bf:e0:d2:a9:ab:63:a6:
                    31:d2:ea:cb:34:c1:5c:65:b8:a0:07:01:ec:94:f9:
                    79:b1:2b:11:cd:c2:44:a4:7b:8f:09:aa:9c:ee:56:
                    c9:29:25:f3:80:98:9c:f8:f4:1f:92:8b:ac:82:f9:
                    8d:a7:81:45:eb:a8:90:8e:1a:69:47:46:8f:41:97:
                    65:1d:18:92:f9:86:fe:16:85:80:b4:41:3d:b6:d1:
                    8c:25:cc:ab:10:1f:5f:09:cc:c4:a6:b1:b0:5d:64:
                    a0:e0:98:5e:36:2a:8a:7f:36:aa:62:99:23:9f:77:
                    3d:3a:d1:cd:de:15:12:60:1f:8b:5f:bd:37:8a:4d:
                    cf:aa:b7:a8:84:90:6e:75:3f:53:3b:1c:52:19:8e:
                    27:09:23:8b:96:de:44:c5:6c:e0:0c:20:03:36:8a:
                    00:2c:58:2c:9f:08:b4:7b:b0:ef:cb:8a:1b:6a:a4:
                    61:8f:f2:c4:3b:fc:f6:0a:86:5e:e5:fb:f1:be:58:
                    b8:b8:62:0d:63:34:f9:3a:d0:2f:f1:de:df:63:97:
                    42:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:7E:42:52:B2:B8:EF:EE:B8:0F:CA:8C:99:F5:41:34:CF:97:CE:61
            X509v3 Authority Key Identifier:
                keyid:A0:C8:CD:A8:14:E7:77:D9:FE:15:4B:92:E9:95:9C:E1:20:B0:AD:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oMjNqBTnd9n-FUuS6ZWc4SCwrVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa270a-c089-4778-9343-b7362edbd8ac/1/DX5CUrK47-64D8qMmfVBNM-XzmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa270a-c089-4778-9343-b7362edbd8ac/1/oMjNqBTnd9n-FUuS6ZWc4SCwrVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.23.0/24
                  193.30.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:15:66:26:56:ce:24:6c:06:ed:95:3c:60:6b:f6:8f:b8:69:
         b4:62:bc:44:ea:3a:17:4c:8b:e9:1d:0f:04:5a:3e:e8:42:74:
         d8:a4:e3:a4:60:bc:f5:fb:62:8b:6e:60:98:94:b8:c1:05:2a:
         59:ae:9a:05:dd:4b:d5:8d:c2:04:90:ec:4a:74:d8:01:15:71:
         2f:b5:a2:30:6f:1a:c4:0a:1b:74:3d:ba:3c:f2:76:ed:d7:9e:
         60:26:8e:59:43:f2:e4:1b:64:f1:ac:8e:7f:7c:60:0d:26:5c:
         9b:be:09:c7:22:d9:ab:f1:73:09:0b:1a:0f:e8:a6:7c:36:45:
         8a:51:25:36:19:d9:88:5d:99:0d:a1:f0:c3:5a:f4:e2:81:f1:
         21:db:14:35:bc:f4:87:d0:65:c9:ac:de:d6:44:8b:41:03:d0:
         e9:cc:7e:36:c4:1b:7f:6a:3b:15:d5:ba:f9:aa:58:20:4e:db:
         59:16:76:86:23:61:c6:06:43:12:4f:a3:32:bd:16:e3:cf:e0:
         8d:a1:6d:fa:b3:3b:e7:f1:a5:15:4a:c9:62:33:0f:42:37:bf:
         37:3d:0f:bd:30:11:f0:1d:af:09:13:42:eb:d1:d4:9d:a5:d4:
         04:13:a2:db:38:e6:f7:aa:1b:dc:6d:43:1f:50:95:50:f7:14:
         b5:5d:e2:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtgdgbBvRodsCucNh9IFGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYzhjZGE4MTRlNzc3ZDlmZTE1NGI5MmU5OTU5Y2UxMjBi
MGFkNTgwHhcNMjMwMTAxMTMyNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDdlNDI1MmIyYjhlZmVlYjgwZmNhOGM5OWY1NDEzNGNmOTdjZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkikmXaGfm8Dyalg6jCquekqObP9B
IMshrLUaitm7zpY+kh00GUiJU607OEq6xmTk7Mop7r/g0qmrY6Yx0urLNMFcZbig
BwHslPl5sSsRzcJEpHuPCaqc7lbJKSXzgJic+PQfkousgvmNp4FF66iQjhppR0aP
QZdlHRiS+Yb+FoWAtEE9ttGMJcyrEB9fCczEprGwXWSg4JheNiqKfzaqYpkjn3c9
OtHN3hUSYB+LX703ik3PqreohJBudT9TOxxSGY4nCSOLlt5ExWzgDCADNooALFgs
nwi0e7Dvy4obaqRhj/LEO/z2CoZe5fvxvli4uGINYzT5OtAv8d7fY5dCfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA1+QlKyuO/uuA/KjJn1QTTPl85hMB8GA1UdIwQY
MBaAFKDIzagU53fZ/hVLkumVnOEgsK1YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb01qTnFCVG5kOW4tRlV1UzZaV2M0U0N3clZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9hYTI3MGEtYzA4OS00Nzc4LTkzNDMt
YjczNjJlZGJkOGFjLzEvRFg1Q1VySzQ3LTY0RDhxTW1mVkJOTS1Yem1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9hYTI3MGEtYzA4OS00Nzc4LTkzNDMtYjczNjJlZGJkOGFj
LzEvb01qTnFCVG5kOW4tRlV1UzZaV2M0U0N3clZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR4XAwQB
wR5aMA0GCSqGSIb3DQEBCwUAA4IBAQBIFWYmVs4kbAbtlTxga/aPuGm0YrxE6joX
TIvpHQ8EWj7oQnTYpOOkYLz1+2KLbmCYlLjBBSpZrpoF3UvVjcIEkOxKdNgBFXEv
taIwbxrECht0Pbo88nbt155gJo5ZQ/LkG2TxrI5/fGANJlybvgnHItmr8XMJCxoP
6KZ8NkWKUSU2GdmIXZkNofDDWvTigfEh2xQ1vPSH0GXJrN7WRItBA9DpzH42xBt/
ajsV1br5qlggTttZFnaGI2HGBkMST6MyvRbjz+CNoW36szvn8aUVSsliMw9CN783
PQ+9MBHwHa8JE0Lr0dSdpdQEE6LbOOb3qhvcbUMfUJVQ9xS1XeKd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:22 2024 by rpki-client on console-fra.rpki-client.org